Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

The Hacker News by The Hacker News
May 31, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


May 31, 2025Ravie LakshmananVulnerability / Linux

Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU).

Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.

“These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump,” Saeed Abbasi, manager of product at Qualys TRU, said.

Cybersecurity

A brief description of the two flaws is below –

  • CVE-2025-5054 (CVSS score: 4.7) – A race condition in Canonical apport package up to and including 2.32.0 that allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces
  • CVE-2025-4598 (CVSS score: 4.7) – A race condition in systemd-coredump that allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original’s privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process

SUID, short for Set User ID, is a special file permission that allows a user to execute a program with the privileges of its owner, rather than their own permissions.

“When analyzing application crashes, apport attempts to detect if the crashing process was running inside a container before performing consistency checks on it,” Canonical’s Octavio Galland said.

“This means that if a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace.”

Red Hat said CVE-2025-4598 has been rated Moderate in severity owing to the high complexity in pulling an exploit for the vulnerability, noting that the attacker has to first the race condition and be in possession of an unprivileged local account.

As mitigations, Red Hat said users can run the command “echo 0 > /proc/sys/fs/suid_dumpable” as a root user to disable the ability of a system to generate a core dump for SUID binaries.

The “/proc/sys/fs/suid_dumpable” parameter essentially controls whether SUID programs can produce core dumps on the crash. By setting it to zero, it disables core dumps for all SUID programs and prevents them from being analyzed in the event of a crash.

“While this mitigates this vulnerability while it’s not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries,” Red Hat said.

Similar advisories have been issued by Amazon Linux, Debian, and Gentoo. It’s worth noting that Debian systems aren’t susceptible to CVE-2025-4598 by default, since they don’t include any core dump handler unless the systemd-coredump package is manually installed. CVE-2025-4598 does not affect Ubuntu releases.

Cybersecurity

Qualys has also developed proof-of-concept (PoC) code for both vulnerabilities, demonstrating how a local attacker can exploit the coredump of a crashed unix_chkpwd process, which is used to verify the validity of a user’s password, to obtain password hashes from the /etc/shadow file.

Canonical, in an alert of its own, said the impact of CVE-2025-5054 is restricted to the confidentiality of the memory space of invoked SUID executables and that the PoC exploit can leak hashed user passwords has limited real-world impact.

“The exploitation of vulnerabilities in Apport and systemd-coredump can severely compromise the confidentiality at high risk, as attackers could extract sensitive data, like passwords, encryption keys, or customer information from core dumps,” Abbasi said.

“The fallout includes operational downtime, reputational damage, and potential non-compliance with regulations. To mitigate these multifaceted risks effectively, enterprises should adopt proactive security measures by prioritizing patches and mitigations, enforcing robust monitoring, and tightening access controls.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
JPMorgan hired NOAA’s chief scientist to advise clients on navigating climate change

JPMorgan hired NOAA's chief scientist to advise clients on navigating climate change

Recommended.

BDx Achieves Certification in the NVIDIA DGX-Ready Data Center Program to Power AI Data Centres in the region

BDx Achieves Certification in the NVIDIA DGX-Ready Data Center Program to Power AI Data Centres in the region

April 17, 2025
Investors are flooding out of cash to buy stocks. That ‘bull capitulation’ is a sell signal, Bank of America says

Investors are flooding out of cash to buy stocks. That ‘bull capitulation’ is a sell signal, Bank of America says

May 19, 2026

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio